High stakes in cyberspace

SINGAPORE – The arena for military competition and conflict has expanded dangerously in the past few decades. Wars used to be waged on relatively small areas of land and sea. World War I, fought mainly in Western Europe, involved combat aircraft and military airspace for the first time.

World War II, ending in 1945, started in Europe, spread to Asia and became global in its reach and effects. This extended impact of warfare was intensified in the Cold War by nuclear weapons. Space became a frontier for potential inter-state conflict after the Soviet Union launched the first artificial satellite in 1957, and both the Soviet Union and the United States later tested weapons that could destroy or disable satellites used for communications and other critical purposes.

The latest realm for espionage and unleashing new weapons is cyberspace, the largely invisible web of interconnected computer and information networks that form the operational fibers of advanced economies and their defense forces. Relations between China and the U.S. and its allies, strained by military rivalries and maritime disputes in the Asia-Pacific region, are also grating in cyberspace.

The Obama administration responded quickly following a report on Feb. 19 by Mandiant, a U.S. Internet security firm, citing evidence that a Shanghai-based unit of the Chinese armed forces was responsible for acts of computer espionage against 141 companies spanning 20 major industries around the world since 2006, including cyber-attacks on American corporations and government agencies.

“The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber-intrusions, including the theft of commercial information,” said White House spokesman Jay Carney. He added that the U.S. had “repeatedly raised our concerns at the highest levels about cyber-theft with senior Chinese officials, including in the military, and we will continue to do so.”

China’s armed forces replied by saying that the Mandiant report was groundless and that Chinese military computers had suffered “a large number” of foreign attacks, with “a considerable number” of them originating from the U.S.

In September 2010, then U.S. Deputy Secretary of Defense William Lynn said that the Pentagon had officially recognized cyberspace as an operational domain. “Our assessment is that cyber-attacks will be a significant component of future conflicts,” he wrote a year later. “Over thirty countries are creating cyber units in their militaries.”

Lynn said it was unrealistic to believe that all these countries would limit their cyber capabilities to defense. “The centrality of information technology to the U.S. military and society virtually guarantees that future adversaries will target it.” He noted that there had been disruptive cyber-attacks against Estonia in 2007 and Georgia in 2008, both thought to have come from Russia. “In a development of extraordinary importance, cyber technologies now exist that are capable of destroying critical networks, causing physical damage, or altering the performance of key systems,” Lynn said. “In the 21st century, bits and bytes are as threatening as bullets and bombs …”

The U.S. has real insights into the potential of cyber weapons. In mid-2010, thousands of centrifuges, enriching uranium at nuclear facilities in Iran, spun out of control. The instruments, which can concentrate uranium into fissile material for nuclear weapons, were mysteriously reprogrammed to run faster than normal, pushing them to breaking point.

Iranian computer systems, however, inexplicably showed that the centrifuges were operating properly. The malfunction, it was later revealed, was caused by a computer virus called Stuxnet. It was presumed to be the work of the U.S. and Israel and is one of the most sophisticated cyber weapons to emerge so far.

The infiltration was initially thought to have set back Iran’s suspected nuclear weapons program by three to five years. But current estimates of the damage range from two years to a few months.

The Pentagon’s Cyber Command has been fully operational since 2011 — a development China claims has militarized cyberspace. However, U.S. officials say the command was formed only after repeated serious foreign hacking into the computer and data storage networks of U.S. military and civilian government agencies, corporations and research institutes, much of it suspected to have come from China.

The British, French, German, Canadian, Japanese, Indian and Australian security services have all warned their government agencies, companies and research organizations about the risk from China.

U.S. officials acknowledge that there remain many weaknesses in the cyber-defenses of the world’s largest economy and its biggest military force. The White House released a new strategy on Feb. 20 to strengthen these defenses. It followed an executive order signed by President Barack Obama earlier this month to create voluntary cyber-security standards for companies running critical infrastructure such as electricity grids.

It White House strategy paper was peppered with examples of alleged Chinese theft of corporate secrets to enable the military and state-owned firms to overhaul their counterparts in the West. In the past, this used to be done mainly by recruiting human spies. Today, it is largely done remotely by infiltrating computer networks of target government agencies and firms.

“Trade-secret theft threatens American businesses, undermines national security, and places the security of the U.S. economy in jeopardy,” the paper outlining the strategy says. “These acts also diminish U.S. exports prospects around the globe and put American jobs at risk.”

The Washington Post reported recently that a new intelligence assessment had concluded that the U.S. is the target of a massive, sustained cyber-espionage campaign. It said that the still-secret National Intelligence Estimate identifies China as the country most actively seeking to penetrate U.S. computer systems, although three other countries — Russia, Israel and France — were also named as having engaged in hacking for economic intelligence in the past five years.

Estimates of the annual loss to the U.S. economy range from $25 billion to $100 billion. James Lewis, a former U.S. State Department official who is now a cyber-security specialist at the Center for Strategic and International Studies, says that China is not the only country to use economic espionage, but it is the most aggressive.

He says that in key industries, including telecommunications, aerospace, energy and defense, the collection, and gradual application, of foreign blueprints and know-how has reached a point where “the time it takes to turn stolen technology into a product is decreasing as China’s ability to absorb and utilize technology improves.”

As China catches up with the West in technology and relies to an equivalent degree on cyberspace for both economic and military security, it may have a common interest in negotiating a cyberspace detente. But until that happens cyber-defenses — and offensive capabilities — are likely to continue to be sharpened in Japan and other major economies.

Michael Richardson is a visiting senior research fellow at the Institute of South East Asian Studies in Singapore.